search

FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/
Other
3.18k stars 1.23k forks source link

Prefix-List Configuration Errors in FRR Version 10.0.1 #16386

Closed ryhoofr closed 1 month ago

ryhoofr commented 1 month ago

Hi,

Description

We have been using FRR for over a year, starting initially with version 9.0.1 and later upgrading to version 9.1, which worked perfectly for our use case of announcing /32 IPs for Anycast purposes. However, after upgrading to FRR version 10.0.1, we started encountering error logs indicating that no connected daemon is interested in specific XPATHs related to ANYCAST and DENY prefix lists. Despite these errors, the functionality of announcing to neighbors remains unchanged.

Version:

System: Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-113-generic x86_64)
Libyang: 2.1.128-2~ubuntu22.04u1
FRR: FRRouting 10.0.1 (dvxxxxx02) on Linux(5.15.0-113-generic)

How to reproduce

Upgrade FRR from version 9.1 to 10.0.1. Apply a configuration similar to what was used in previous versions, including ANYCAST and DENY prefix lists. Observe the mentioned error logs after restarting FRR.

frr version 10.0.1
frr defaults traditional
hostname dvxxxxx02
log syslog informational
no ip forwarding
no ipv6 forwarding
service integrated-vtysh-config
!
ip prefix-list DENY seq 5 deny any
ip prefix-list ANYCAST seq 5 permit 192.168.50.1/32
!
end

Expected behavior

No error logs regarding the XPATHs of ANYCAST and DENY prefix lists should appear, similar to the behavior observed in previous versions of FRR.

Actual behavior

Error logs appear, indicating that no connected daemon is interested in the specific XPATHs related to ANYCAST and DENY prefix lists.

Jul 12 12:12:15 dvxxxxx02 mgmtd[20278]: [HCZYS-5H9EK] mgmt_txn_create_config_batches: ERROR: No connected daemon is interested in XPATH /frr-filter:lib/prefix-list[type='ipv4'][name='ANYCAST']
Jul 12 12:12:15 dvxxxxx02 mgmtd[20278]: [HCZYS-5H9EK] mgmt_txn_create_config_batches: ERROR: No connected daemon is interested in XPATH /frr-filter:lib/prefix-list[type='ipv4'][name='ANYCAST']/entry[sequence='5']
Jul 12 12:12:15 dvxxxxx02 mgmtd[20278]: [HCZYS-5H9EK] mgmt_txn_create_config_batches: ERROR: No connected daemon is interested in XPATH /frr-filter:lib/prefix-list[type='ipv4'][name='ANYCAST']/entry[sequence='5']/action
Jul 12 12:12:15 dvxxxxx02 mgmtd[20278]: [HCZYS-5H9EK] mgmt_txn_create_config_batches: ERROR: No connected daemon is interested in XPATH /frr-filter:lib/prefix-list[type='ipv4'][name='ANYCAST']/entry[sequence='5']/ipv4-prefix
Jul 12 12:12:15 dvxxxxx02 mgmtd[20278]: [HCZYS-5H9EK] mgmt_txn_create_config_batches: ERROR: No connected daemon is interested in XPATH /frr-filter:lib/prefix-list[type='ipv4'][name='DENY']
Jul 12 12:12:15 dvxxxxx02 mgmtd[20278]: [HCZYS-5H9EK] mgmt_txn_create_config_batches: ERROR: No connected daemon is interested in XPATH /frr-filter:lib/prefix-list[type='ipv4'][name='DENY']/entry[sequence='5']
Jul 12 12:12:15 dvxxxxx02 mgmtd[20278]: [HCZYS-5H9EK] mgmt_txn_create_config_batches: ERROR: No connected daemon is interested in XPATH /frr-filter:lib/prefix-list[type='ipv4'][name='DENY']/entry[sequence='5']/action
Jul 12 12:12:15 dvxxxxx02 mgmtd[20278]: [HCZYS-5H9EK] mgmt_txn_create_config_batches: ERROR: No connected daemon is interested in XPATH /frr-filter:lib/prefix-list[type='ipv4'][name='DENY']/entry[sequence='5']/any

Additional context

The /32 IP addresses are managed by a Keepalived binary, which, through health checks, determines whether an Anycast IP address should be assigned to a particular node. This mechanism allows us to condition the BGP announcement of the Anycast IP based on the health check results from Keepalived. Only when Keepalived deems a node healthy and assigns it the Anycast IP, do we proceed to announce this IP to our BGP peers. This setup ensures that traffic is only directed to nodes that are currently capable of handling it.

Anthony

vecinohk commented 1 month ago

This looks like the same problem I reported in version 10.0. https://github.com/FRRouting/frr/issues/16043 @choppsv1

Axel-ineff commented 1 month ago

I am very interested in the answer as well; we have the same problem with FRR 10.0.

choppsv1 commented 1 month ago

Just checking, the error message is the issue, the prefix lists are still getting applied and working when FRR is fully up, is that correct?

ryhoofr commented 1 month ago

@choppsv1 Yes, that's correct. Despite the error messages, the application of the prefix-lists is functioning properly.